Hey folks, over the last couple months someone has been sending emails as our founder and engineer “Limor Fried.” The scammer appears to be emailing electronic companies after finding a contact email from the electronic company webpages and then asking the company to call/email them. The email address is not an @adafruit.com address of course, they are using email addresses like Limor_Fried@protonmail.com. Some of the emails sent were from other email providers and our team was able to get the accounts disabled, however, that is just “wack-a-mole” as they say. The recent ones have a Whatsapp phone #. We called and messaged the # and then were blocked it seems. We contacted Whatsapp, and alerted our legal folks. We also emailed protonmail (the most recent one) and they said “We will investigate and disable this account if we confirm that it’s being used to impersonate someone for purposes of fraud. Best regards, The ProtonMail Security Team”
So! Here’s a screenshot of the email that is being used each time. The electronic companies are all smart and knew right away it was not the real Limor, enough were sent out though that we wanted to post about it here to refer to.
The previous one(s) looks like this…
To be clear, that is not Limor. Limor does not even have a phone (or send emails like that). The Adafruit team uses only the following means for official Adafruit business: @adafruit.com and we do not use Whatsapp for phone calls.
In the past (and present, and future..) harassers, scammers, and stalkers have made fake Adafruit sites, sent emails as fake-Limor, fake-pt, fakes to our CFO, etc… pretty much everything that happens when you have a company or are a person online it seems. Shields up, stay frosty, and please email firstname.lastname@example.org when in doubt, we’ll check it out.
“We will take appropriate action against the account. If you notice any other similar accounts in the future, please let us know.
ProtonMail Abuse Team”
Another wave of fake Limors today. We contacted the hosting provider(s) and more as usual.
Headers are here.
User-Agent: Roundcube Webmail/1.3.3
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – emerald7.doveserver.com
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – adafruit.com
X-Get-Message-Sender-Via: emerald7.doveserver.com: authenticated_id: email@example.com
X-Authenticated-Sender: emerald7.doveserver.com: firstname.lastname@example.org
Begin forwarded message:
From: Limor Fried
Date: 11 October 2018 at 14:57:02 CEST
Update: 1/22/2019, another…
Update: 1/23/2019 another (tried to use adafruiit.com this time, adafruit with two ii …)
Update: 1/29/2019, another… (we were alerted of two, both coming from email@example.com, firstname.lastname@example.org)
Update: 3/11/2019, they are still at it… they are now using: 126.96.36.199 IP, smtp.hughes.net, from: email@example.com (we’ll see if there is a way to report this).
Update: 3/12/19, Microsoft banned the account.
Update: 4/24/19 we were alerted by a couple resellers they are at it again.
Update: 4/25/19 It appears the scammer was attempting to trick people they are emailing from firstname.lastname@example.org to filling out this form at “cognitoforms.com”, we were able to get the form taken down.
Update: 7/3/19 Looks like the fake-limor is at it again, this time they’re using a hotmail account (email@example.com), and a possibly hacked server/email account: firstname.lastname@example.org
Update: 8/19/19 Looks like another fake limor, this time using gmail. We reported email@example.com to google and google gmail abuse, we’ll see what happens.